Vulnerability Details : CVE-2012-1106
The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly 2.0.8 and earlier, does not properly set the group (GID) permissions on core dump files for setuid programs when the sysctl fs.suid_dumpable option is set to 2, which allows local users to obtain sensitive information.
Exploit prediction scoring system (EPSS) score for CVE-2012-1106
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 %
CVSS scores for CVE-2012-1106
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
1.9 | LOW | AV:L/AC:M/Au:N/C:P/I:N/A:N | 3.4 | 2.9 | NIST |
CWE ids for CVE-2012-1106
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-1106
- https://fedorahosted.org/abrt/changeset/23d6997d7886abe118c28254f7f73f0b19b2d4e0
  Infrastructure/Fedorahosted-retirement - Fedora Project Wiki (Exploit; Patch)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76524
  abrt setuid process information disclosure CVE-2012-1106 Vulnerability Report
- http://rhn.redhat.com/errata/RHSA-2012-0841.html
  RHSA-2012:0841 - Security Advisory - Red Hat Customer Portal
- http://www.securityfocus.com/bid/54121
  abrt CVE-2012-1106 Information Disclosure Vulnerability
Products affected by CVE-2012-1106
- cpe:2.3:a:redhat:automatic_bug_reporting_tool:*:*:*:*:*:*:*:*